DETAILED ACTION

1. Claims 1-49 have been examined.

Claim Objections 

2. Claims 35-38 are objected to because of the following informalities: they depend respectively on
method claims 30, 30, 32 and 33.

Claims 35-38 are interpreted as depending on claim 34. Appropriate correction is required.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public 
policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right 
to exclude" granted by a patent and to prevent possible harassment by multiple assignees. See In re Goodman, 11
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van
Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, 
In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual 
or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or 
patent is shown to be commonly owned with this application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal
disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

3. Claims 1, 12 and 29 are provisionally rejected on the ground of nonstatutory obviousness-type
double patenting as being unpatentable over claims 1, 3 and 12 of copending Application No. 11102422.
Although the conflicting claims are not identical, they are not patentably distinct from each other because
claims 1, 12 and 29 of the instant application substantially recite the limitations of claims 1, 3 and 12 of
the cited US copending Application No. 11102422 for generating a response by the server in regards to a
client request taking into consideration a policy control criteria.



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis 
for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this 
country, more than one year prior to the date of application for patent in the United States. 

4. Claims 1-49 are rejected under 35 U.S.C. 102(b) as being anticipated by Theimer, Marvin M. et
al (hereinafter Theimer) US Patent No 5649099.

As per claim 1, Theimer discloses: 

A method of operating a storage server, the method comprising: 

receiving at the storage server, from a client, a first request to perform a storage-related operation
relating to a set of data; 

(Column 4, lines 3-4, an intermediary making a request of a server on behalf of a client, touch base upon 
the client-server request). 

generating a second request in the storage server if the first request satisfies a defined criterion; 

(Column 4, lines 5-8, server executes the ACP to determine whether or not the requestor-that is, the
intermediary-has been granted by the client the right to make the given request, illustrate the activity in 
the server side in order to determine if the client access is granted.) 

sending the second request and information relating to the set of data from the storage server to a
policy engine; 

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation 
objects any given client can have with respect to the server, indicates the policy criteria usage).

receiving at the storage server, from the policy engine, a first response indicating a result of the
policy engine having implemented a defined policy based on the information relating to the set of 
data; 

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation 
objects any given client can have with respect to the server, indicates the policy criteria being used in the 
client-server environment).

and sending a second response in accordance with the first response from the storage server to the 
client. 

(Column 14, line 67 and Column 15, line 1, Upon successful authentication the server complies with the 
client's request, touch the action of server in regards to client request). 

As per claim 2, Theimer discloses: 

A method as recited in claim 1, wherein the policy engine is external to the storage server. 

(Column 14, lines 30-32, if an ACP can be used on multiple servers. In this case, either the ACP must be 
able to read a revocation object stored on a remote server, touch base upon determining if access data is 
stored on a remote server). 

As per claim 3, Theimer discloses:

A method as recited in claim 1, wherein the storage server and at least a portion of the policy 
engine are implemented in a single physical platform. 

(Column 14, lines 25-28, ACP restricting access to one or more objects that reside on a single server, then 
that server-or, more precisely, its associated stable storage-is the ideal storage site for the ACP's 
revocation object, touch base upon a single computer hosting the server and ACP). 



As per claim 4, Theimer discloses: 

A method as recited in claim 1, wherein the first request is a request for a file managed by the 
storage server. 

(Column 1, lines 60-61, use of a print server to print a file that resides on a file server, illustrate the client
request regarding a file that is managed by a file server).

As per claim 5, Theimer discloses: 

A method as recited in claim 1, wherein the first request is a request to create a file. 

(Column 2, lines 12-16, user (e.g., as member of a group) may have permission to read and write various 
files in a directory, but may lack permission to modify the access controls of those files or the directory 
they are in, indicate the file creation request). 

As per claim 6, Theimer discloses:

A method as recited in claim 3, wherein the policy engine approves or denies the request to create 
the file based on a file type of the file. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the policy control based on a file 
type). 

As per claim 7, Theimer discloses: 

A method as recited in claim 4, wherein the file type of the file is indicated in the information 
relating to the set of data. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on a file type). 

As per claim 8, Theimer discloses: 

A method as recited in claim 1, wherein the defined criterion has been defined in the storage server 
by the policy engine. 

(Column 2, lines 38-41, Access control lists (ACLs) are lists of (name, access right) tuples. Such lists may 
be implemented as bit tables, linked lists, or other suitable data structures. Servers maintain ACLs and use 
them to decide whether or not to grant any given access request, touch base upon the criteria of the policy 
control used by the server). 

As per claim 9, Theimer discloses:

A method as recited in claim 1, wherein the policy engine determines whether to approve or deny 
the second request based on an identity of the client. 

(Column 2, lines 38-41, Access control lists (ACLs) are lists of (name, access right) tuples. Such lists may 
be implemented as bit tables, linked lists, or other suitable data structures. Servers maintain ACLs and use 
them to decide whether or not to grant any given access request, touch base upon determining if the client 
request is to be conducted after checking the ACL security policy). 



As per claim 10, Theimer discloses: 

A method as recited in claim 1, wherein the policy engine determines whether to approve or deny 
the second request based on an identity of a user of the client. 

(Column 6, lines 44-46, checking whether the user or process whose name is "name" has access rights to
"resource" that allow "request" to be performed on "resource", touch base upon determining if the user is
allowed to access the resource).

As per claim 11, Theimer discloses:

A method as recited in claim 1, wherein the policy engine determines whether to approve or deny 
the second request based on an identity of the storage server. 

(Column 9, lines 31-36, Authentication server 30 and its associated secure channels 35 can be included in 
system 1 for the purpose of two-party authentication, whether or not authentication server 30 is also used 
to support ACP authentication. Various other kinds of two-party authentication can also be used, touch 
base upon the security policy to determine the server identity). 

As per claim 13, Theimer discloses:

A method as recited in claim 1, wherein the policy engine determines whether to approve or deny 
the second request based on a quota. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on resource quotas). 

As per claim 14, Theimer discloses: 

A method as recited in claim 1, wherein the policy engine determines whether to approve or deny 
the second request based on a number of times the set of data has been accessed during a period of 
time. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on access time limit). 

As per claim 15, Theimer discloses:

A method as recited in claim 1, wherein the storage server defers sending the client any response to 
the first request until the storage server receives the first response from the policy engine. 

(Column 15, lines 16-21, if a server can support only a limited number of revocation objects, an allocation 
policy can be established to determine how many revocation objects any given client can have with 
respect to the server. Any of a number of such allocation policies, including preallocation of all 
revocation objects among clients, illustrate the checking process of the server prior to honoring a client
request). 



As per claim 16, Theimer discloses: 

A method as recited in claim 1, further comprising: 

responding to the first request at the storage server by using metadata in the storage server to 
determine that the set of data is stored externally to, and remotely from, the storage server; 

(Column 14, lines 30-32, if an ACP can be used on multiple servers. In this case, either the ACP must be 
able to read a revocation object stored on a remote server, touch base upon determining if access data is 
stored on a remote server). 

wherein the policy engine responds to the second request by retrieving the set of data from storage 
and provides the set of data to the storage server in conjunction with the first response. 

(Column 138, lines 32-37, using the server to check a value returned by the access control program thus 
executed; and if and only if the determination thus made by the server is that the client approves the 
service request, using the server to execute the service request, and otherwise using the server to deny the 
service request, touch base upon the feedback of ACP prior to the server honoring the client request). 

As per claim 18, Theimer discloses:

A method of operating a policy engine, the method comprising: 

receiving at the policy engine, from a storage server, a first request and information relating to a set 
of data, the first request being in response to a storage-related client request received by the
storage server from a client and relating to the set of data;

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation
objects any given client can have with respect to the server, indicates the policy criteria being used in the 
client-server environment). 

applying a defined policy in the policy engine using the information relating to a set of data; 

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation 
objects any given client can have with respect to the server, indicates the policy criteria usage).

and sending a first response from the policy engine to the storage server to indicate a result of
applying the defined policy, the first response to cause the storage server to send a second response 
to the client in accordance with the first response. 

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation 
objects any given client can have with respect to the server, indicates the policy criteria usage governing 
server response to a client request). 

As per claim 19, Theimer discloses: 

A method as recited in claim 18, wherein the policy engine is external to the storage server. 

(Column 14, lines 30-32, if an ACP can be used on multiple servers. In this case, either the ACP must be 
able to read a revocation object stored on a remote server, touch base upon determining if access data is 
stored on a remote server). 

As per claim 20, Theimer discloses:

A method as recited in claim 18, wherein the storage server and at least a portion of the policy 
engine are implemented in a single physical platform. 

(Column 14, lines 25-28, ACP restricting access to one or more objects that reside on a single server, then
that server-or, more precisely, its associated stable storage-is the ideal storage site for the ACP's 
revocation object, touch base upon a single computer hosting the server and ACP). 

As per claim 21, Theimer discloses:

A method as recited in claim 18, wherein the client request is a request for a file managed by the 
storage server. 

(Column 1, lines 60-61, use of a print server to print a file that resides on a file server, illustrate the client
request regarding a file that is managed by a file server).

As per claim 22, Theimer discloses: 

A method as recited in claim 18, wherein the client request is a request to create a file. 

(Column 2, lines 12-16, user (e.g., as member of a group) may have permission to read and write various 
files in a directory, but may lack permission to modify the access controls of those files or the directory 
they are in, indicate the file creation request). 

As per claim 23, Theimer discloses:

A method as recited in claim 22, wherein applying the defined policy comprises approving or 
denying the request to create the file based on a file type of the file. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the policy control based on a file 
type). 

As per claim 24, Theimer discloses: 

A method as recited in claim 23, wherein the file type of the file is indicated in the information 
relating to the set of data. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on a file type). 

As per claim 25, Theimer discloses: 

A method as recited in claim 18, further comprising using the policy engine to define a criterion in 
the storage server, for use by the storage server to determine when a subsequent client request is to
be referred to the policy engine for resolution.

(Column 2, lines 38-41, Access control lists (ACLs) are lists of (name, access right) tuples. Such lists may 
be implemented as bit tables, linked lists, or other suitable data structures. Servers maintain ACLs and use 
them to decide whether or not to grant any given access request, touch base upon the criteria of the policy 
control used by the server). 

As per claim 26, Theimer discloses:

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on an identity of the client. 

(Column 2, lines 38-41, Access control lists (ACLs) are lists of (name, access right) tuples. Such lists may 
be implemented as bit tables, linked lists, or other suitable data structures. Servers maintain ACLs and use 
them to decide whether or not to grant any given access request, touch base upon determining if the client 
request is to be conducted after checking the ACL security policy). 

As per claim 27, Theimer discloses: 

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on an identity of a user of the client. 

(Column 6, lines 44-46, checking whether the user or process whose name is "name" has access rights to
"resource" that allow "request" to be performed on "resource", touch base upon determining if the user is
allowed to access the resource).

As per claim 28, Theimer discloses: 

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on an identity of the storage server. 

(Column 9, lines 31-36, Authentication server 30 and its associated secure channels 35 can be included in 
system 1 for the purpose of two-party authentication, whether or not authentication server 30 is also used 
to support ACP authentication. Various other kinds of two-party authentication can also be used, touch 
base upon the security policy to determine the server identity). 

As per claim 29, Theimer discloses:

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on a user-based quota. 

(Column 24, lines 6-9, A variety of default provisions are desirable in most or even all ACPs. These 
include expiration times, intended users, and intended access scope, illustrate the access restriction based 
on users). 

As per claim 30, Theimer discloses: 

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on a quota applicable to the set of data. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on resource quotas). 

As per claim 31, Theimer discloses:

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on a quota applicable to the storage server. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on resource quotas). 

As per claim 32, Theimer discloses:

A method as recited in claim 18, wherein applying the defined policy comprises approving or 
denying the second request based on a number of times the set of data has been accessed during a 
period of time. 

(Column 2, lines 58-60, access controls: Concepts such as restrictions over file types, access time limits, 
the homework example restrictions, or resource quotas, touch base upon the restriction of the request 
based on time limit). 

As per claim 33, Theimer discloses: 

A method as recited in claim 18, further comprising the policy engine responding to the second 
request by retrieving the set of data from remote storage and providing the set of data to the 
storage server in conjunction with the first response. 

(Column 14, lines 30-32, if an ACP can be used on multiple servers. In this case, either the ACP must be 
able to read a revocation object stored on a remote server and Column 138, lines 32-37, using the server
to check a value returned by the access control program thus executed; and if and only if the
determination thus made by the server is that the client approves the service request, using the server to
execute the service request, and otherwise using the server to deny the service request, touch base upon
the feedback of ACP prior to a remote server honoring the client request).

As per claim 48, Theimer discloses:

A method of operating a storage server, the method comprising: 

receiving at the storage server, from a client, a request to perform a storage-related operation
relating to a set of data; 

(Column 4, lines 3-4, an intermediary making a request of a server on behalf of a client, touch base upon 
the client-server request). 

if the first request satisfies a defined criterion, then operating the storage server to invoke a policy 
engine configured to determine a disposition of the request; 

(Column 4, lines 5-8, server executes the ACP to determine whether or not the requestor-that is, the
intermediary-has been granted by the client the right to make the given request, illustrate the activity in 
the server side in order to determine if the client access is granted.) 

receiving at the storage server a response from the policy engine indicating a disposition of the 
request; 

(Column 4, lines 5-8, server executes the ACP to determine whether or not the requestor-that is, the
intermediary-has been granted by the client the right to make the given request, indicates the server 
response to a client request after consulting the ACP). 

and responding to the request in accordance with the response from the policy engine. 

(Column 15, lines 17-19, an allocation policy can be established to determine how many revocation 
objects any given client can have with respect to the server, indicates the policy criteria being used in the 
client-server environment). 

As per claim 49, Theimer discloses:

A method as recited in claim 48, wherein the policy engine is external to the storage server. 

(Column 14, lines 30-32, if an ACP can be used on multiple servers. In this case, either the ACP must be 
able to read a revocation object stored on a remote server, touch base upon determining if access data is 
stored on a remote server). 

Claims 34-41 and 43-45 and 47 are system claims respectively corresponding to method claims 1, 4-7, 9,
29, 30, 14, 15 and 31; therefore, they are rejected under the same rationale as claims 1, 4-7, 9, 29-30, 14-15 and 31.



5. Claims 12 and 42 are rejected under 35 U.S.C. 103(a) as being unpatentable over Theimer, in 
view of the "Storage Management Solution for distributed Computing Environments" 
October 1996 Hewlett-Packard Journal 

As per claim 12, Theimer does not explicitly disclose: 

the information relating to the set of data comprises information specifically identifying the storage 
server from among a plurality of storage servers that are coupled to the policy engine.

However, the Hewlett-Packard Journal, in page 4, paragraph Enterprise-Wide Storage Management, and Fig
4 page 5, illustrate the information relating to the set of data comprises information specifically 
identifying the storage server from among a plurality of storage servers that are coupled to the 
policy engine. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time of the
invention to incorporate the teaching of Hewlett-Packard into the method of Theimer. One having
ordinary skill in the art would have been motivated to incorporate identifying the storage server from among
a plurality of storage servers that are coupled to the policy engine
into the method of Theimer for the purpose of enabling a single point of control of the data management.

Claim 42 is a system claim corresponding to method claim 12; therefore, it is rejected under the same
rationale as claim 12.



6. Claims 17 and 46 are rejected under 35 U.S.C. 103(a) as being unpatentable over Theimer, in 
view of Khalidi, Yousef A, European Patent Application No EP 1 100001 A2

As per claim 17, Theimer does not explicitly disclose: 

using one of a plurality of storage protocols implemented by the storage server to access the set of 
data, the plurality of storage protocols including a block-level storage protocol and a file-level 
storage protocol.

However, Khalidi discloses:

(Column 1, lines 9-11, secondary storage systems supporting both the file-level and block-level access 
protocols in computers). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time of the
invention to incorporate the teaching of Khalidi into the method of Theimer. One having ordinary skill in
the art would have been motivated to incorporate using one of a plurality of storage protocols implemented by
the storage server to access the set of data, the plurality of storage protocols including a block-level
storage protocol and a file-level storage protocol, into the method of Theimer for the purpose of enabling a wide range of
storage protocols.

Claim 46 is a system claim corresponding to method claim 17; therefore, it is rejected under the same
rationale as claim 17.



7. Conclusion 



The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

US-20040044744, Grosner, George et al 
US-20040078419, Ferrari, Stephen et al 
US-20020133561, O'Brien, Brett et al
US-20020120741, Webb, Theodors S. et al
US-20030046396, Richter, Roger K. et al
US-20020042866, Grant, Robert et al
US-20020087479, Malcolm, Pater
US-6832313, Parker, Thomas Anthony
US-6757753, Dekoning, Rodney A et al
US-6401126, Douceur, John R. et al
US-6606744, Mikurak, Michael G
US-6523027, Underwood, Roy Aaron
US-6324581, Xu, Yikang et al
US-6256773, Bowman-Amuah, Michael K
US-6253217, Dourish, James P et al



Any inquiry concerning this communication or earlier communications from the examiner should be 
directed to Tarek Chbouki whose telephone number is 571-2703154. The examiner can normally be 
reached on Mon-Fri 7:30 am to 5:00 pm EST. If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Chameli Das, can be reached on
571-2723696. The fax phone number for the organization where this application or proceeding is